Merge pull request #42479 from nextcloud/appapi-twofactor

AppAPI: allow to bypass Two-Factor
author: Alexander Piskun <13381981+bigcat88@users.noreply.github.com> 2023-12-29 11:29:29 +0300
committer: GitHub <noreply@github.com> 2023-12-29 11:29:29 +0300
commit: cdc2723d97ffb1a4ad5db4fdc15a0a6385e4493d (patch)
tree: 72eafc5642cde3bf26a11f4bfd7df8095838607e /lib
parent: b15b12d5ecd65f6586332753f20b3c82f4dd82a5 (diff)
parent: 26d343d33aa763b7126937680769525e51638b90 (diff)
download: nextcloud-server-cdc2723d97ffb1a4ad5db4fdc15a0a6385e4493d.tar.gz
nextcloud-server-cdc2723d97ffb1a4ad5db4fdc15a0a6385e4493d.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/private/Authentication/TwoFactorAuth/Manager.php b/lib/private/Authentication/TwoFactorAuth/Manager.php
index b0bb73c3115..4defcb9a585 100644
--- a/lib/private/Authentication/TwoFactorAuth/Manager.php
+++ b/lib/private/Authentication/TwoFactorAuth/Manager.php
@@ -318,8 +318,8 @@ class Manager {
 			return false;
 		}
 
-		// If we are authenticated using an app password skip all this
-		if ($this->session->exists('app_password')) {
+		// If we are authenticated using an app password or AppAPI Auth, skip all this
+		if ($this->session->exists('app_password') || $this->session->get('app_api') === true) {
 			return false;
 		}
author	Alexander Piskun <13381981+bigcat88@users.noreply.github.com>	2023-12-29 11:29:29 +0300
committer	GitHub <noreply@github.com>	2023-12-29 11:29:29 +0300
commit	cdc2723d97ffb1a4ad5db4fdc15a0a6385e4493d (patch)
tree	72eafc5642cde3bf26a11f4bfd7df8095838607e /lib
parent	b15b12d5ecd65f6586332753f20b3c82f4dd82a5 (diff)
parent	26d343d33aa763b7126937680769525e51638b90 (diff)
download	nextcloud-server-cdc2723d97ffb1a4ad5db4fdc15a0a6385e4493d.tar.gz nextcloud-server-cdc2723d97ffb1a4ad5db4fdc15a0a6385e4493d.zip